Lux
Security & Compliance

Your network data,
protected by design

Nexma is built with security as a foundational principle. We are actively pursuing industry-leading certifications to provide independently verified assurance that your data meets the highest standards of protection.

SOC 2 Type II

AICPA Service Organization Control

Actively pursuing certification

SOC 2 Type II evaluates an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy over a sustained period. Nexma is actively pursuing SOC 2 Type II certification to provide our customers with independently verified assurance that their network design data is protected by rigorous, auditable controls.

  • Security and access controls
  • System availability and monitoring
  • Data processing integrity
  • Confidentiality of customer data

ISO 27001

International Information Security Management

Actively pursuing certification

ISO/IEC 27001 is the internationally recognized standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Nexma is actively pursuing ISO 27001 certification to demonstrate our commitment to managing information security systematically and in accordance with global best practices.

  • Information security management system
  • Risk assessment and treatment
  • Organizational security policies
  • Continuous improvement processes

How we protect your data

Security is embedded in every layer of the Nexma platform, from infrastructure to application.

Encryption at rest and in transit

All customer data is encrypted using AES-256 at rest and TLS 1.3 in transit. Network design files, geocoded addresses, and fiber allocation data are never stored in plaintext.

Role-based access control

Fine-grained permissions ensure that team members only access the projects and data they need. Organization-level controls provide administrators with full visibility.

Infrastructure monitoring

Continuous monitoring of our cloud infrastructure with automated alerting for anomalous activity. Regular vulnerability scanning and penetration testing.

Data residency and retention

Customer data is stored in SOC 2-compliant cloud infrastructure. Configurable data retention policies and full data export capabilities upon request.

Questions about security?

Our team is happy to discuss our security practices, compliance roadmap, or answer any questions about how we handle your data.

Contact our security team